#VU90245 Use-after-free in Linux kernel


Published: 2024-05-31

Vulnerability identifier: #VU90245

Vulnerability risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47068

CWE-ID: CWE-416

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the llcp_sock_bind() and llcp_sock_connect() functions in net/nfc/llcp_sock.c.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/26157c82ba756767b2bd66d28a71b1bc454447f6
http://git.kernel.org/stable/c/ccddad6dd28530e716448e594c9ca7c76ccd0570
http://git.kernel.org/stable/c/18ae4a192a4496e48a5490b52812645d2413307c
http://git.kernel.org/stable/c/48fba458fe54cc2a980a05c13e6c19b8b2cfb610
http://git.kernel.org/stable/c/e32352070bcac22be6ed8ab635debc280bb65b8c
http://git.kernel.org/stable/c/6b7021ed36dabf29e56842e3408781cd3b82ef6e
http://git.kernel.org/stable/c/374cdde4dcc9c909a60713abdbbf96d5e3e09f91
http://git.kernel.org/stable/c/18175fe17ae043a0b81e5d511f8817825784c299
http://git.kernel.org/stable/c/c61760e6940dd4039a7f5e84a6afc9cdbf4d82b6


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

